Exploitation Phase

Now that we've successfully completed Task 6 — gaining valid credentials (username + password) for the domain user alfredo — we are no longer just passive observers. We now have real access to the network.

🛠️ What Comes Next?

With domain credentials in hand, our next phase shifts to Active Directory enumeration and exploitation.

Here’s how we’ll proceed:

  • Enumerating AD relationships (ldapdomaindump, bloodhound-python)

  • Escalating privileges using built-in trust paths (net rpc, winPEAS) .

  • Achieving full control of the system and domain.

Previous6. Password Brute Force via SMB LoginNext7. Dump Domain Information via LDAP

Last updated